Systems Controls and Security Measures

The Classification of Controls

Controls within a computer system are broken down into two types: general controls and application controls.

General Controls

Organization and operation of the computer facilities
- An IT Planning or Steering Committee should oversee the IT function.
- The IT function should be positioned within the organization so as to ensure its authority as well as its independence from user departments.
- Staffing requirements should be evaluated whenever necessary to make sure that the IT function has sufficient, competent staff.
- Segregation of duties should be maintained between and among the following functions: systems analysts, information systems use, data entry, data control clerks, programmers, computer operation, network management, system administration, librarian, systems development and maintenance, change management, security administration, and security audit.

General Operating Procedures
- Standard procedures for all IT operations, including network operations, should be documented.
- Task descriptions should be written for each job function.
- Physical safeguards should be established over forms.
- The process to follow in system development and system changes should be documented.
- Turnaround (returned) documents should be used whenever appropriate.

Equipment Controls
- A defined backup procedure should be in place.
- Transaction trails should be available for tracing the contents of any individual transaction.
- Statistics on data input and other types of source errors should be accumulated and reviewed to determine the remedial efforts needed to reduce errors.

Equipment Access and Data Access Controls
- The responsibility for logical security and physical security should be assigned to an information security manager who reports to the organization's senior management.
- Logical security consists of access to, and the ability to use, the equipment and data. It includes Internet security (firewalls) and virus protection procedures; access controls for users to minimize the actions they can perform; authentication processes to verify the identity of users; and cryptographic techniques such as encryption of messages and digital signatures.
- Physical security involves things such as keeping servers and associated peripheral equipment in a separate,